LuckyCat Malware Threat Targets Macs through Word

Mac users are facing a new malware threat called LuckyCat, hot on the heels of Flashback. This new trojan targets a security flaw in Microsoft Word to spread its malware payload via Java exploits.


Costin Raiu from Kaspersky Lab said in a SecureList blog post that LuckyCat was difficult to track down at first. “One of the biggest mysteries is the infection vector of these attacks. Given the highly targeted nature of the attack, there are very few traces,” he said. “Nevertheless, we found an important detail which is the missing link: Six Microsoft Word documents, which we detect as Exploit.MSWord.CVE-2009-0563.a.”

He added that there is evidence suggesting the malware payload was delivered through Word documents.

So far, it looks like the payload LuckyCat leaves behind can be used to remotely access the contents of an infected Mac. Based on Kaspersky’s data, attackers haven’t automated the process of scanning users’ hard drives, so they have to manually review the contents. Once they do that, however, attackers can copy specific files from victims’ hard drives.

Details are still slim on LuckyCat, so malware detection tools aren’t much help yet. As researchers learn more, we’ll likely see security patches and removal tools for Mac users that have been infected.

I’ve been watching the series Battle Castle.
Each week they talk about the design of a castle and what happened when an army attacks. Usually the walls were impenetrable, the foundation solid, the defenders were unwavering. However, there was usually a gate or a window, or a toilet that the attacking army used to sneak in and overwhelm the defenders. A vulnerability that rendered all of the spectacular stonework moot.